


Sarif Industries Security

by Princ3squ3



Category: Deus Ex (Video Games), Deus Ex: Human Revolution
Genre: Gen
Language: English
Status: Completed
Published: 2019-12-24
Updated: 2019-12-24
Packaged: 2021-02-26 01:54:28
Rating: Teen And Up Audiences
Warnings: No Archive Warnings Apply
Chapters: 1
Words: 1,291
Publisher: archiveofourown.org
Story URL: https://archiveofourown.org/works/21935557
Author URL: https://archiveofourown.org/users/Princ3squ3/pseuds/Princ3squ3
Summary: In which a friendly neighborhood penetration tester critiques Pritchard's security
Comments: 1
Kudos: 9






Dear Pritchard,

As your friendly local Penetration Tester, I feel it is my duty to inform you that I have found your organization to be in gross violation of a number of standard security measures. I have outlined your offenses below. If you do not immediately rectify these affronts to our Lord and Savior ISO27K, I will have to take further action to impress upon you the severity of your incompetence.

**Physical/Perimeter Security**

The expansive lobby, littered with large displays that obstruct line of sight, interferes with the security guards’ and receptionist’s ability to track visitors as they enter the facility. The lightly guarded, wide staircase and elevator tucked away in the corner leave ample opportunity for intruders to enter undetected.

Recommendations: Relocate the displays to a side wing and install turnstiles near the stairs and a card reader on the elevator.

The security cameras are insufficient in number and appear to be emitting an unusual green laser that allows observers to track their direction. At least one appears to be deactivated or out of order. Furthermore, the terminal used to monitor the cameras was unlocked and abandoned – an issue we will return to in depth later.

Recommendations: Have a guard monitoring the cameras at all times – what good is a camera no one’s watching? Shut down the goddamn laser light show, get some new cameras, and ensure that they are _turned on_.

(Oh, you say the cameras are Jensen’s responsibility? Never mind, then. Carry on.)

On to the air ducts. Oh boy, the air ducts. Where to begin with this....

No. Just no. Please, someone, _anyone_, explain to me the need for the ground-level, comfortably man-sized air tunnels threading through this whole damn facility.

Recommendations: Stronger grates? Security cameras? Guards? Quite frankly, I don’t know what to make of this. Nothing in Physical Security 101 prepared me for this horrifying oversight.

**Digital Security**

There’s a lot going on here, so allow me to present a general overview of your incompetence before I break it down room by room.

The workstations belonging to Lyle Rogers, Faridah Malik, Will Rosellini, Mika Pine, Diane Gonzalez, Cal Lopez, Denzel Mitchell, Tim Carella, and Andrea Van Wesel were left unlocked and abandoned. Now, I would understand if this had occurred as the clock struck “lunch,” when almost 100 percent of your employees could be expected to flee their workstations at once, with nary a thought for security. However, my investigation took place at precisely 7:03 p.m., after your employees had returned home to rest their weary hearts and minds and prepare their tattered souls for tomorrow’s grind.

If you have not yet caught on, let me make this simple for you. If one were to search under “Settings,” one would find a nifty option that would allow an individual to set the workstation to lock after a specified period of time has elapsed. Ta-da!

Recommendations: A mandatory, in-person security training session and a competent IT department.

* The presence of foreign bodies rendered the desktops belonging to Jerry Maher and Heather Stichner inaccessible, and as such, I was unable to perform a thorough evaluation.

Now, I want to take an extra moment out of my day to call attention to my good buddy Ted Bruger. Of _every_ workstation I had the good fortune to grace with my presence, his was the _only one_ that posed a challenge. Locked! Can you imagine my elation?

However, that elation turned to deflation upon my notice of a little, yellow... STICKY NOTE. With his password boldly sprawled across it in permanent marker! Well, the joke is on you, buddy. Now your _shame_ is permanent.

Let us transition to the topic of sharing passwords. I am aware that you have informed your employees that they should “NEVER” write down their passwords or share them with others. Well, it is to my great dismay that I must inform you that your employees have, once again, been disregarding your instructions.

My records, compiled from digital evidence lifted from several workstations, show that Ted Bruger shared his office code with Will Rosellini and Brian Tindall shared Faridah Malik’s office code with Tim Carella. It is highly concerning that Brian Tindall, a former employee fired for tampering with intellicam footage, possesses still-relevant office codes. Finally, you yourself shared the helipad storage code with Faridah Malik. While I do understand that Faridah Malik has need to access the helipad storage, perhaps, given your employees’ tendency to not follow basic instructions, you could consider _not_ emailing passwords that could more securely be conveyed in person?

My report does not and cannot include passwords and codes spread through word of mouth, and as such, this problem could be more rampant than my findings suggest.

**Frank Pritchard**

I thought I might honor you by calling attention to your own most egregious failings.

Firstly, your security policies:

“Our firewall has been rigorously designed to withstand even the most persistent of outside attacks.”

I certainly hope your firewall is not the _only_ defensive system you have in place, and yet, I fear that it is. Please, I beg you, consider a layered approach. Your criteria for security measures should not be “sounds cool.” That is Jensen’s department.

“NEVER write down your password or give it to anyone else UNLESS he has SYSTEMS ADMINISTRATION AUTHORITY!”

I believe this sentence should have ended at “else.” Competent systems administrators have other methods for accessing user data, although I should not have expected you to know this.

“SURF THE INTERNET ONLY when you are in the safety and comfort of your own home.”

No.

Secondly, your handling of The Great Neuropozyne Heist:

The answer was in the emails. Perhaps you could have uncovered this yourself if you had done your job instead of playing detective. This is also Jensen’s department.

Consider implementing a more invasive monitoring policy. Sarif employees do not read the manual, and therefore would not protest. (Please consult a lawyer.)

Thirdly, your personal data security:

Your password should not be your handle. As important as Nucl3arsnake is to you, one would hope that you would value your security and job more. Additionally, I hear that you submitted a script to Picus TV concerning “Nucl3arsnake: Hacker Extraordinaire.” This is the antithesis of secrecy. Please desist.

BWAHAHAHAAHAHAA.... Okay, I’m sorry, but this is just too perfect. The poetry!

You sent an email concerning the update of important passwords, _included a reminder to delete the email upon reading it_, and then... didn’t delete it yourself? Oh, how irony suits you.

And Picus TV was right. Your show concept is horridly prosaic.

Your relentless fan,

SneakyBoi69

P.S. Not a security issue, per se, but why the everloving fuck does the boss have four (4) urinals and two (2) toilets!? To think that I had to wait 10 whole minutes for a stall to open up yesterday, and yet there he is, basking in the pearly radiance of his private arsenal of elimination facilities. For shame!

~~~

Jensen: Malik, what do you think?

Malik: I think you should write up your security reports like the reasonable man I know you are. Deep down. Very deep down.

~~~

Hello, “SneakyBoi69,”

I thank you for your lovingly crafted suggestions, and will take them into consideration during future updates to our security policy.

I regret to inform you, though, that you have made an oversight of your own.

“Physical Security” is not under my jurisdiction, as you would know if you -- *ahem* as “Jensen” would know if he spent more time doing his job and less time touring walls and women’s restrooms.

Sincerely yours,

Nucl3arSnake

P.S. If “penetration tester” is a position that interests you, drop by my office later. I have some work for you >:3


